Results 1 to 18 of 18

Thread: what next !!!

  1. #1
    Join Date
    Jul 2002
    Posts
    311

    Question what next !!!

    Hello fellows !!

    i just got my server and the WHM & Cpanel all set,(my ISP set that up) and i m not that good at setting up security on webserver.
    so, what do i need to do next in order tighten up my server, any help guys as to how do i do it ?

    expecting any links, notes, descriptions, help or comments etc. etc.

    thanks

  2. #2
    Hi oc3, security is a pretty complex thing, the "easiest" thing to do, which will still keep you pretty secure, would be to make sure all of the applications run which are bound to a port, or which are used along side apache, are ALWAYS up to date, with the latest security patches. Don't allow anonymous access on anything.
    Don't allow your user's to allow anonymous access on FTP.

    If you'd like a friend of mine to give your server the highest security possible at this current time, send me a private message and we can sort a price out.

  3. #3
    Join Date
    Jul 2001
    Location
    Troy, Missouri USA
    Posts
    1,299

    WHM/Cpanel

    At this time WHM/cPanel is the best control panel out there so you are offf to a good start.

    Whm/cPanel updated it's self every night, so that is a big help. One importent thing to remember is that you have a cPanel/Linux server not just a Linux server. What I mean is that cPanel makes changes to files that you would not see on a regular Linux box.

    So if you were to install something that overwrote one of these configuation files it could me trouble.

    Search here or at http://cpanel.net before you think about adding any features like, Java, ASP, or Mod_Gzip.

    Do not offer telnet period, or SSH unless you know why the client need access to it. Many hosts get a copy of a photo Id first.

    Use a good password with mixed chars. like: 1ThiS~Ab2

    Don't ever give anyone root unless you are sure about that person. If you need something done to the server use someone from you host. If you do use someone else check that person out very carefully. If they don't have a few good references forget about them. There are some on this board that have been around while.

    Sending the root password through email is not a good idea either.

    Good Luck
    Sitekeeper
    Google

  4. #4
    Join Date
    Jul 2001
    Posts
    145
    hmm let me see...though not necessarily in this order:

    1) really understand you OS!
    2) see number 1
    3) see number 2
    4) update and install the latest patches
    5) only enable the services that you really need and stop all the other services that you don't.
    6) don't use telnet but use ssh to connect to your server remotely. if possible never telnet/ftp out from your server to a different server. this is a security risk.
    7) check out www.securityfocus.com - an excellent resource.
    8) make a backup of all your binaries on a fresh OS install in case you need it in the future.

    there's more to security than what i've mentioned above. there were just some that I could think of...
    spam --> /dev/null

  5. #5
    Join Date
    Jul 2002
    Posts
    311

    Thumbs up

    thank you guys soo much....please keep comming !!! its really a booster.


    regards

  6. #6
    Join Date
    Oct 2001
    Posts
    1,319
    I am far from a security expert but you should make the .. i dont know what they are officially called... MD5 checksums of important binaries and store them so you can compare them at a later date, remove unrequired entries in the password files, whatelse... I guess what everyone else was saying, update update update...
    Avi B

  7. #7
    I'm surprised no one has mentioned make sure that you access your server ONLY via SSH - NEVER use Telnet; ensure that you have the latest and greatest OpenSSH installed; prefer the use of Secure FTP and just be sensible with your user policies.

  8. #8
    Join Date
    Jul 2001
    Location
    Troy, Missouri USA
    Posts
    1,299
    (6) don't use telnet but use ssh to connect to your server remotely. if possible never telnet/ftp out from your server to a different server. this is a security risk.
    I think it was covered...
    Sitekeeper
    Google

  9. #9
    Cheers.. reading too fast and missed it!

  10. #10
    Join Date
    Jul 2002
    Posts
    311

    Exclamation

    Is that all,

    so, i can take it as if it is done, and need not worry much about it.

    regards/-

  11. #11
    Join Date
    Jan 2002
    Location
    Kuwait
    Posts
    679
    Originally posted by oc3
    Is that all,

    so, i can take it as if it is done, and need not worry much about it.

    regards/-
    Well, yes, if you consider this to be easy:

    Code:
    1) really understand you OS! 
    2) see number 1 
    3) see number 2

    I would like to add one more thing, read a security book. I read "Hacking Linux Exposed" myself and I find it great.
    Ahmad Alhashemi
    PHP, Apache, C, Python, Perl, SQL
    18 related BrainBench certificates

  12. #12
    Join Date
    Aug 2002
    Posts
    655
    never allow shell access to your customers, i believe 95% of servers are hacked because of this, turn telnet off, use only ssh to access yourself. make sure you allocate /bin/false shell to all your customers.

  13. #13
    Join Date
    Jul 2002
    Location
    New Hampshire
    Posts
    154
    never allow shell access to your customers,
    Boooooooo. Luckily my current host allows me a shell. Makes it a lot easier for me to maintain my web site.
    When you say "I wrote a program that crashed Windows", people just stare at
    you blankly and say "Hey, I got those with the system, *for free*".
    -- Linus Torvalds

  14. #14
    Join Date
    Jun 2002
    Location
    North Pole
    Posts
    115
    Originally posted by hostchamp
    never allow shell access to your customers, i believe 95% of servers are hacked because of this, turn telnet off, use only ssh to access yourself. make sure you allocate /bin/false shell to all your customers.
    If you use the right directory permissions, your server will be secure. Don't use the right permissions, your just asking for it.

    I only provide shell access to customers that have had an account for over 3 months.

  15. #15
    Join Date
    Dec 2000
    Location
    The Woodlands, Tx
    Posts
    5,974
    Originally posted by sitekeeper
    At this time WHM/cPanel is the best control panel out there so you are offf to a good start.
    I dont know who lied to you and why you believed it. You can search these forums to find that's not true. I have yet to see any host now using WHM who have actually previously used Hsphere in a live environment. There are however, a great number of hosts that have dumped WHM for Hsphere...myself included.

    On another note, I visited your site. Reading the part about mod_gzip, thought I would update you about the new one, mod_hs. It's by the same makers, but it's not free. It's $1500 per CPU. I am about to test it to see if it's worth it...

  16. #16
    Join Date
    Aug 2002
    Posts
    655
    If you use the right directory permissions, your server will be secure. Don't use the right permissions, your just asking for it.


    the elf could you pls elaborate on the above, may be i can learn too.

  17. #17
    Join Date
    Jul 2002
    Posts
    311

    ssh setup

    Hello,

    so, can some one tell me how do u go about setting up a secured ssh on the server. i mean in detail !!!

    Thanks

  18. #18
    Join Date
    Jul 2002
    Location
    New Hampshire
    Posts
    154
    While I believe that shell access is important for my web hosting and I also think it should be an option for service I don't agree with the following:

    If you use the right directory permissions, your server will be secure
    Thats a false sense of security. Every now and again a vulnerability will come out that will allow a local user to gain root regardless of directory permissions.

    I don't think thats a great reason for disallowing this access however. Just subscribe to bugtraq, know your security and update as soon as there is a problem.

    Sadistikal
    When you say "I wrote a program that crashed Windows", people just stare at
    you blankly and say "Hey, I got those with the system, *for free*".
    -- Linus Torvalds

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •